wiki:ALL__areas_of_responsibility

Version 3 (modified by lttoth@…, 10 years ago) (diff)

--

Areas of Responsibility

Original author: Beth Mercer - 20081031

Support for the University of Alaska Enterprise Directory and Authentication Service is comprised of the following (responsible department and general areas of support):

Project Management, Oversight, and Approvals

Identity and Access Management

Contact

Nathan Zierfuss
907-450-8112
njzierfuss@…

servers (directory/gateway hosts)

TS

Contact

Functional Responsibility

E Box Status ==

The LDAP responsitory and iplanet software has been moved to the IDMP cluster. The E Boxes, Edgar, Egegik, Eklutna, and Elias, are no longer maintained.

IDMP Cluster

  • RHEL O/S install and maintenance
  • iPlanet software install and maintenance
  • ISW software install and maintenance

iPlanet Directories (EDIR directory)

TS

Contact

manage log related space monthly job archiving directory related extract and log files

Appworx: EDIR_ARCHIVE

create and populate directory instances on new hardware configure and monitor replication create indexes and maintain plugins apply schema changes as needed apply ACI changes as needed create iPlanet roles as needed create and maintain password profiles schedule and monitor daily exports and backups and other

Appworx: LDAP_SUNONE_BACKUPS_* LDAP_SUNONE_DUMP_* LDAP_STATIC_FILES_*

configure/monitor ISW directory SSL certificate maintenance

Oracle Databases (EDIR "registry")

EAS

Contact

monitor daily dump and compare of registry and directory

Registry Scripts: dump_all.ksh and compare_dumps.ksh

resolve out of sync conditions daily EDIR Banner extract and feed to EDIR

Appworx: EDIR_EXT_<yyyytt>

daily email feeds from Banner to EDIR

Appworx: EDIR_UA?MAIL

monthly EDIR unit maintenance following BOR structure table updates

process documented at:

https://donnelly.alaska.edu/docs/LDAP/UPDATE_monthly_unit_changes

periodic data validation and cleanup

(primarily cleanup of admin contacts and unit heads/delegates that are no longer employed)

annual directory purge (of inactive records) annual review/renew/revoke of sponsored accounts

Web Gateways

Contact

Core Apps: EDIR Self Service Pages and AUTHSERV UI

respond to approved requests for interface changes/enhancements monitor batch jobs generating static data files used by interface

Appworx: LDAPGW_STATIC_FILES

monitor batch job synchronizing EDIR interface related files between servers

crontab: rsync*.ksh

EAS: UPDATE

respond to approved requests for interface changes/enhancements monitor batch jobs generating static data files used by interface

Appworx: LDAP_STATIC_FILES_*

Equalizer

Contact

TS

respond to requests for changes to the load balancing mixes for directory related clusters

NOTE: Kerberos legacy documentation has been removed as it no longer implemented for authentication. See Overview of Enterprise Directory Architecture for an historical description of functionality.

########################################################
LEGACY CHANGE HISTORY - NOTE: All subsequent changes are recorded in TracWiki
########################################################
20081027 elm corrected typo (hardware, not hardware); added reference to David Bantz for

oversite/approvals; added additional items of support/responsibility

20081031 elm corrected typos

# eof